Tag: Strategies
Team leader, network administrator, data miner, money specialist. These are just some of the roles making a difference at today’s enterprises. The same is also true for sophisticated cyber-gangs. Many still wrongly believe that the dark web is exclusively inhabited by hoodie-clad teenagers and legions of disaffected disruptors. The truth is, the average hacker is…
Read MoreOver the years, I’ve seen articles comparing cybersecurity to martial arts, so I’ve been reluctant to write one. I’ll be the first to admit, I’m no Jeremiah Grossman, black belt in Brazilian Jiu-Jitsu, but I have done martial arts on and off since I was in elementary school. Now that my son has begun that…
Read MoreThere’s no doubt your information is out there. And at a certain point, you have to assume it’ll be exposed. So now what? With everything that’s happened in cybersecurity over the past few years and in the wake of so many high profile breaches all over the world, it’s time for a shift in mindset.…
Read MoreThere's often a gap between what we say we need for an effective security posture, and what we actually do. Examining the gaps between "best practices" and reality helps us get to more tangible results. Source link lol
Read MoreAs it’s been said, we’re trying to have a civilization here. So, what is the foundation of a society? Is it the economy? Personal relationships? Employment? Institutions like a legal system or a free press? I would argue that the cornerstone underlying all of those is trust—and trust’s corollary, reputation. Because nothing really works without…
Read MoreIn this series, we examine how the reality of a security program differs from the perception some security practioners hold. To do this, we’re focusing on four specific gaps that can weaken security defenses and instigate security incidents. For example, consider the rising number of cloud breaches caused by engineers disabling basic access control, either…
Read MoreAt the beginning of this year, we invited security leaders to talk about their past failures and the lessons they wanted to pass on. We called it If we had to do it again, and people really liked it. A number of folks approached me wanting to tell their stories as well; so a month…
Read MoreAs we’ve seen in this series, security defenders’ perception of a security program can differ from the reality. Part 1 examined three key gaps that lead to incomplete risk management processes. Part 2 explored the gap in critical areas of perception of risk and defense between security leadership and security technicians, and how it can…
Read MoreThis move to container-based development and agile methodologies has been great for innovation and iteration, but it’s also brought a massive shift in the application landscape with real impact on security teams. In just the past year or two, DevOps has become much more mature. Today we need to understand risks and implement controls not…
Read MoreThen there are the technical questions that need to be answered. What data will be captured, shared, and processed? What mobile platforms will the app run on? What server-side platforms will it need to talk to? Internal platforms? Third-party services? You also need to dig into the questions of expectations and dependencies. How important will…
Read More